Forwarded from: Me <joe@plaguesplace.dyndns.org>
On Fri, Nov 09, 2001 at 02:54:32AM -0600, InfoSec News wrote:
> Forwarded from: Ejovi B. Nuwere <ejovi@ejovi.net>
> Cc: nicole.bellamy@zdnet.com.au
[snip]
> Or are you saying that it works on Linux? I'm confused. I suspect you
> are too. Why did you not research the subject? If you had, you would
> have found tripwire (http://www.tripwire.org/) which has been around
> and widely used for almost 10 years.
>
> What about quoting experts other than the company CEO? Either you've
> been had, or need a refresher course in journalistic integrity.
>
> Your friend,
> ejovi
On Fri, Nov 09, 2001 at 02:57:46AM -0600, InfoSec News wrote:
> Forwarded from: security curmudgeon <jericho@attrition.org>
> cc: nicole.bellamy@zdnet.com.au, errata submission <errata@attrition.org>
>
> Unless there is more to it, this claim is completely wrong.
>
> Hell, one could argue that "syslog" matches this description since it
> will log audit related events.
[snip]
I think there is more to it.
This is not the same thing as tripwire or any other host-based
intrusion detection system. This is more like the security auditing
system that you would find described in the rainbow books. You would
find such an auditing system on a C2 trusted system or higher. This
is something that has been woefully lacking on Linux systems. We have
had the mandatory access control lists. This auditing system goes
hand in hand with MACs.
http://www.fas.org/irp/nsa/rainbow/tg001.htm
http://www.intersectalliance.com/projects/Snare/index.html
joe
--
Don't forget to feed your brainworms chocolate covered mothballs or the pigs
will eat grandma on the farm.
--paraphrased Joe Walsh from the Drew Carey allstar improv.
Received on Mon Nov 12 09:54 CST 2001